New Member

Netgear/Linksys to Cisco 3005 Concentrator problem

Hi,

We are having problems setting up a LAN-LAN IPsec tunnel between a Netgear VPN router (the clients) and our 3030 concentrator. It is set up as IPsec with pre-shared keys, using MD5 and 3DES. What I am seeing is IPsec phase 1 completion, but the device fails on phase 2, with the error of being unable to satisfy the SA request of the Netgear router. The SAs on both sides look the same.

My questions:

1. Has anybody had the Netgear VPN routers connect to a VPN concentrator as a LAN-LAN tunnel?

2. What is the message (we were getting initially) of "Malformed payload"?

3. Will this also work if the VPN Concentrator local network is not directly attached? (i.e. will the concentrator still proxy ARP?)

i.e.

inside netgear device address: 192.168.1.0/24

outside netgear device address: 202.XXX.YYY.0/24

inside vpn 3030 device address: 128.AAA.BBB.0/24

outside vpn 3030 device address: 128.AAA.BBB.1/32

(the 3030 is single armed)

Address to connect to (128.AAA.CCC.10) is attached to 128.AAA.BBB.0/24 network via a router.

Thanks in advance.

David

2 REPLIES
Silver

Re: Netgear/Linksys to Cisco 3005 Concentrator problem

inside vpn 3030 device address: 128.AAA.BBB.0/24

outside vpn 3030 device address: 128.AAA.BBB.1/32

These addresses are on the same subnet. Are they assigned to the inside and outside interfaces? This would almost assuredly result in a routing problem.

Is "address to connect to" a server the Netgears' clients are trying to connect to?

New Member

Re: Netgear/Linksys to Cisco 3005 Concentrator problem

True,

As the VPN concentrator is one-armed (the private interface is also the public), I can only assume the VPN concentrator creates host routes for each of the addresses in the inside range, excluding the outside address (not truly a 128.AAA.BBB.0/24).

We currently use this for our PPTP VPN (internal wireless) without problems.

Address to connect to is the end host the clients are trying to connect to by using the LAN-LAN tunnel as an encrypted bridge.
